Privacy Policy
Pecorama Privacy Policy
Pritchard Patent Product Company (2001) Limited
GDPR Data Protection Policy
Introduction
As we engage with people interested in our services, we need to collect and use information that
relates to them.
We also need to collect and use information about the people who work with us, which includes
employees, suppliers, consultants, contractors and other people that we have a relationship with.
This policy describes how we will collect, handle and store people’s personal data to ensure that we
meet our high data protection standards and to show to people that we comply with relevant
legislation.
Why have we created this policy?
This policy ensures that Pritchard Patent Product Company (2001) Limited:
• Complies with data protection laws and follows good practice;
• Upholds the rights of its employees, customers and partners;
• Is fair and transparent in how it collects, processes and shares personal data; and
• Protects the individual personal data it holds, by reducing the likelihood of a data breach.
Data protection law
The General Data Protection Regulation (GDPR) sets out how organisations, including Pritchard
Patent Product Company (2001) Limited, must collect, process and share personal data. These rules
apply regardless of whether data is stored electronically, on paper, or using other
materials/methods such as CCTV or other recordings such as call recordings, drones and dash cams.
Personal data, or Personally Identifiable Information (PII) as it is known under the GDPR, is
information that can be used on its own, or with other information, to identify, contact or locate a
living person. Information can include but is not limited to:
• Name
• Email address
• Telephone number
• Postal address
• Date of birth
You should assume that whenever you handle personal data, it will involve some type of processing
and therefore it must be carried out in accordance with the requirements of the GDPR. At least one
of the following must apply to permit you to collect and process personal data:
1. Legitimate Interests: the processing of personal data is necessary for the company’s
legitimate interests unless there is good reason to protect the individual’s personal data. The
test is whether an individual would, or should, reasonably expect the processing to take
place by the company
2. Contract: the processing is necessary for the performance of a contract with the individual,
or to take steps to enter into a contract e.g. contracts of employment, reservation
agreements
3. Legal Obligation: the processing is necessary for us to comply with the law (not including
contractual obligations) e.g. undertaking Anti-money laundering checks for fraud prevention
4. Vital Interests: the processing is necessary to protect someone’s life i.e. keeping next of kin
information for health and safety purposes
5. Consent: we have obtained the individual’s consent to process the personal data e.g. when
sending out marketing campaigns
Pritchard Patent Product Company (2001) Limited must be responsible for and be able to
demonstrate that personal data is:
1. Processed fairly and lawfully;
2. Obtained only for specific lawful purposes;
3. Adequate, relevant and not excessive;
4. Accurate and kept up-to-date;
5. Not held for any longer than necessary; and
6. Secure and protected.
People, Risks and Responsibilities
Who does this policy apply to?
• Pritchard Patent Product Company (2001) Limited Head Office;
• All brands of Pritchard Patent Product Company (2001) Limited;
• All divisions, branches and offices of Pritchard Patent Product Company (2001) Limited,
whether permanent or temporary;
• All employees, regardless of work level;
• All contractors, suppliers and other people working on behalf of Pritchard Patent Product
Company (2001) Limited;
• Any of our joint venture partnerships.
It applies to all personal data that the company holds. This includes:
• Customer information e.g. Prospects or those who have purchased our services, including
family members;
• Employee details e.g. Health information, financial details, benefits and pensions;
• The use of CCTV within our Offices to ensure we provide a safe and secure environment for
all visitors to our premises and for the protection of our employees and property; and
• Recorded calls for training and quality purposes to and from our Customer Services and IT
Service desk.
What are the risks involved?
This policy helps to protect Pritchard Patent Product Company (2001) Limited from some very real
data security risks, including:
• Breaches of confidentiality
This could include information being given out inappropriately, sharing too much
information or sharing information without consent or lawful basis.
• Failing to be transparent
For instance, not telling individuals how their information will be used, using their
information for different reasons to what they have been told and failing to inform
individuals as to how they can exercise their rights.
• Reputation damage
For example, the company could suffer if hackers successfully gained access to sensitive data
or it was found to be breaching privacy principles.
• Fines
The company could be fined up to €20 million, or 4% of global turnover, whichever is higher.
Individuals could also bring a compensation claim against the company for any damages that
they believe they have suffered.
The ‘Data Protection Framework’
To ensure consistency in the way in which we handle personal data, Pritchard Patent Product
Company (2001) Limited has put in place a Data Protection Framework, which includes policies,
procedures, guidance and records.
It covers:
Our compliance processes and procedures
Employee awareness training ensures that teams are aware of data protection and its implications
before choosing a particular route. Further details can be located within the Data Protection Chapter
under the Pritchard Patent Product Company (2001) Limited Policies and Procedures Manual.
Privacy and Security by Design
Data protection is fundamental to our approach to any new business or initiative. As a result, we
have integrated security and data protection into our operational processes. This means certain
changes, risks and incidents trigger specific actions such as:
• Documenting our processing activity
• Data Protection Impact Assessments (DPIA); and
• Change Control
Privacy by Design
Privacy by Design is an approach to company initiatives, projects and IT system changes that
promotes consideration of privacy and data protection compliance from the start. Undertaking this
process will help us identify any potential problems from an early stage, considering risk and
ensuring we put adequate measures in place to safeguard individuals’ personal data.
Data Privacy Impact Assessments (DPIA)
A Data Processing Impact Assessment (DPIA) is a tool that we use to identify and reduce the privacy
risks of any new or revised projects. A DPIA helps us to consider what data protection risks may
occur if we undertake a particular project or partner with a new third-party supplier. The DPIA helps
us to work through specific questions, which can reduce the risk of harm to individuals through the
misuse of their personal information. It can also help us design more efficient and effective
processes for handling personal data.
Change Control
If you are looking to:
• introduce a new internal system; or
• make changes to existing systems and processes; or
• share data with new partners
then these must be assessed and be approved via the following Change Control Boards:
• Data Protection Officer (DPO)
o The DPO is the first tier responsible for taking a detailed holistic review of IT related
changes. Primary objectives of the DPO are to review, in detail, company IT
proposals and make recommendations to the Senior Management team as to
whether projects should be initiated and implemented into the company.
• The Directors approve changes and investment in new systems and allocate resource to IT
projects.
Governance
All employees should be aware of the structures in place, so that they can assure suppliers, identify
risks, report breaches in security and handle requests for information.
Responsibilities
Everyone who works for or with Pritchard Patent Product Company (2001) Limited shares the
responsibility of ensuring that data is collected, stored, processed and shared appropriately.
Departments or functions that handle personal data must process it in line with this policy and the
data protection principles. In addition to this, certain people and teams have specific areas of
responsibility:
• The Board of Directors
Ultimately responsible for ensuring that Pritchard Patent Product Company (2001) Limited
meets its legal obligations.
• The Data Protection Officer (DPO)
The person in this role is responsible for:
o Keeping the Board updated about data protection responsibilities, risks and issues;
o Reviewing all data protection procedures and related policies in line with an agreed
schedule to ensure they remain up to date and effective;
o Dealing with requests from individuals who want to see the data that Pritchard
Patent Product Company (2001) Limited holds about them (Subject Access
Requests);
o Having responsibility for reporting any breaches to the ICO;
o Handling data protection questions from employees and anyone else covered by this
policy;
o Checking and approving any contracts or agreements with 3rd parties that may
handle personal data; and
o Reviewing and signing-off Data Protection Impact Assessments.
• Group IT
They are responsible for:
o Ensuring that all systems, services and equipment used for storing personal data
meet acceptable security standards;
o Performing regular checks and scans to ensure security hardware and software is
secure and fit for purpose; and
o Evaluating any 3rd party services the company is considering for the storage or
processing of personal data.
• Group Sales and Marketing
They are responsible for:
o Approving any data protection statements in our customer communications, such as
emails, letters and online;
o Where necessary, working with other employees to ensure marketing initiatives
abide by the data protection principles; and
o Ensuring marketing databases are checked against our suppression files (email
addresses not to be used by us) each time a marketing campaign is run.
• HR
They are responsible for:
o Ensuring the company holds employee data securely;
o Obtaining consent for any sensitive categories of data the company wishes to use;
o Ensuring adequate measures are in place between us and any external 3rd parties which
process personal data on behalf of the company (e.g. pension providers); and
o Arranging data protection training and awareness for the company.
• Management at all levels
These individuals are at Department and functional level and are responsible for:
o Ensuring fulfilment of the data protection provisions within their department or
function;
o Liaising with the Senior Management Team and DPO on responsibilities and
controls;
o Carrying out local data destruction (paper stores etc.);
o Completing a Self-Audit each year on behalf of the division on active GDPR controls;
and
o Assisting the division in ensuring that DPIAs are considered and carried out.
• Senior Responsible Owner (SROs)
These are individuals who are responsible for:
o Introducing new systems; and
o Vetting the suppliers with whom we share personal data.
General employee guidelines
To ensure the objectives of this policy are met, we have outlined the steps we should take as a
business to reduce the likelihood of a breach of information.
Necessary eyes only
The data covered by this policy should only be accessed by those who need to do so for work
purposes. Data should never be shared informally. Personal data should not be disclosed to
unauthorised people, either within the company or externally.
Time to train
Pritchard Patent Product Company (2001) Limited will provide training to all employees, so that you
know what your responsibilities are when handling data.
Strong passwords
We must use strong passwords at all times and they should never be shared unless authorised by IT.
Our baseline standard criteria for passwords should:
• Not contain your username or full name, or parts of your username or full name that
exceed two consecutive characters;
• Be a minimum of 6 characters in length. There is no maximum length; and
• Contain a minimum of 1 character from three of the following four categories:
1. English uppercase characters (A-Z)
2. English lowercase characters (a-z)
3. Base 10 digits (0-9)
4. Non-alphabetic characters (e.g. !, £, #, %)
Ask for help
If you are unsure about any aspect of data protection, ask for help from your Line Manager or the
DPO.
Data storage
The following rules describe how and where data should be safely stored:
When keeping paper records:
• Keep data locked away: When not required, paper files should be kept in a locked drawer or
filing cabinet.
• Keep it secure: Paper and printouts must not be left where unauthorised people could see
them (e.g. on a printer).
• Shred when done: Any printouts of personal data should be shredded and disposed of
securely when no longer required.
When keeping electronic records:
• Use strong passwords: Data must be protected by strong passwords, see above, that are
never shared.
• Keep data locked away: If data is stored on removable media (e.g. USB, DVD) these must be
encrypted and kept locked away when not being used.
• Use designated servers: Data should only be stored on designated drives and servers and
should only be uploaded to approved cloud computing services.
• Use secure locations: Servers containing personal data must be sited in a secure location,
away from the general office space.
• Back up frequently: Data backups must be tested in line with company standard backup
procedures.
• Keep it secure: Never save data directly onto your laptop or other mobile devices.
When using data:
• Secure your screen: When working with personal data, ensure that you always lock the
screen of your computer when unattended.
• Keep it to yourself: Personal data should not be shared informally. Care should be taken
when sending emails which contain information that may harm an individual’s right to
privacy if disclosed to the wrong people – email is not a secure form of communication.
• Use encryption: Data must be encrypted before it is transferred electronically.
• Ask before sending: Personal data should never be transferred outside the European Union
without consulting the Data Protection Officer or a senior Director.
• Keep it secure: Never save copies of personal data to your own computer.
• External storage solutions: Any personal data must not be stored onto external storage
solutions which are not managed by IT (i.e. personal Dropbox).
GDPR Data Map
To comply with the GDPR requirements, we will maintain a formal and accurate record of our data
processing activities. The Data Map will include:
• Information assets;
• Processing & activities;
• 3rd Parties (Partners);
• Data Transfers; and
• Risks and Controls.
Data accuracy
It is important that the data we process is accurate and, where necessary, kept up-to-date. In fact,
the more important the information is, the greater the effort we should put into ensuring its
accuracy.
Storing data
Data should be held in as few places as necessary. Employees should not create any unnecessary
additional data sets.
Correcting data
Employees should take every opportunity to ensure data is up-to-date, for instance, by confirming a
customer’s details when they call. Be sure to update our systems as soon as you discover an
inaccuracy.
Enabling amends
Pritchard Patent Product Company (2001) Limited make it easy for individuals to update the
information held about them (e.g. via notification to HR and Payroll).
Requests for information
If individuals contact us to ask about the information we hold on them, it is called a ‘subject access
request’. All individuals that we hold information about are entitled to:
• Request to know what information Pritchard Patent Product Company (2001) Limited holds
about them and why;
• Ask for a copy of the information we hold about them;
• Learn how to keep their data up-to-date;
• Learn how to object to processing;
• Find out how their data is being used; and
• Learn about the security safeguards we have in place to prevent the accidental or deliberate disclosure of their information.
Subject access requests are addressed in a separate policy.
Disclosing data for legal reasons
In certain circumstances, the GDPR requires personal data to be disclosed to law enforcement
agencies without the consent of the individual concerned.
Under these circumstances, Pritchard Patent Product Company (2001) Limited will disclose the
requested data. However, the Data Protection Officer must be informed first, so that they can
confirm the request is legitimate and ensure that it is handled correctly.
In the interest of fairness
It’s our aim to make sure that individuals understand when their data is being processed, how their
data is being used and how to exercise their rights. To achieve this, we have written a GDPR Data
Protection Policy and Cookies Policy, which sets out how personal data is used by the company(s).
This is available on the Pritchard Patent Product Company (2001) Limited website.
DigiTickets Privacy Policy
Who we are
In this privacy policy references to "we", "us" and "our" are to Pecorama. References to "our Website" or "the Website" are to pecorama.digitickets.co.uk.
Information collected and its use
The information we collect via the Website may include:
- Any personal details you knowingly provide us with through forms and our email, such as name, address, telephone number etc.
- In order to effectively process credit or debit card transactions it may be necessary for the bank or card processing agency to verify your personal details for authorisation outside the European Economic Area (EEA). Such information will not be transferred out of the EEA for any other purpose.
- Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates on products and offers).
- Your IP address. This is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website. This information is used to monitor your usage of the Website.
- Information about your device such as your web browser, screen resolution and operating system. This information is used to ensure we continue to support the different devices used by our customers.
- Data recorded by the Website which allows us to recognise you and your preferred settings. This saves you from re-entering information on return visits to the site. Such data is recorded locally on your computer through the use of cookies. Most browsers can be programmed to reject cookies, or to warn you before downloading them; information regarding this may be found in your browser's 'help' facility.
We do not store any credit card details.
What we do with your information
Any personal information we collect from this website will be used in accordance with the Data Protection Act 1998 and other applicable laws. The details we collect will be used:
- To process your order, to provide after sales service (we may pass your details to another organisation to supply/deliver products or services you have purchased and/or to provide after-sales service);
- In certain cases we may use your email address to send you information on our other products and services. In such a case you will be offered the option to opt in/out before completing your purchase.
We may need to pass the information we collect to other companies for administrative purposes. We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use the Website and issuing our e-mails for us. Third parties will not be allowed to use your personal information for their own purposes.
Cookie Policy
Like many websites we use cookies to store and then retrieve small bits of information on your computer when you visit. This information is used to make the site work as you expect it to. It is not personally identifiable to you, but it can be used to give you a more personalised web experience.
Some of the information stored is put there by other companies whose software we have added to the site, and this can also impact your experience of other websites you may visit after leaving ours.
If you continue to use this site without taking action to prevent the storage of this information, you are effectively agreeing to this use.
If you want to learn more about the general uses of cookies, including how to stop them being stored by your computer, please visit Cookiepedia - all about cookies.
Below is a list of the different types of cookies used on this site, and an explanation of what they are used for. If you would like any more information, please get in touch.
| Cookie | Name | Expiration Time | Purpose |
|---|---|---|---|
| Shopping Basket | PHPSESSID | 24 minutes | This cookie is used to keep track of what items are in a user's shopping basket. |
| Cookie Consent | dtAnalyticsConsent | 1 year | This cookie is used to monitor the user's consent for analytical cookies on our site. No user data is collected without this being enabled. |
| Google Analytics | _ga | 2 years | These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. |
| | _gid | 24 hours | |
| | _gat_tracker-name | 1 minute | |
| Microsoft Clarity | _clck | 1 year | These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site and how they interact with the website. |
| | _clsk | 1 year | |
| | CLID | 1 year | |
| | ANONCHK | 1 year | |
| | MR | 1 year | |
| | MUID | 1 year | |
| | SM | 1 year | |
| New Relic | __cfduid | 1 year | This cookie is used to collect information about visitors' experience of the site in terms of performance. This helps us to monitor that our systems are working quickly and effectively, and to identify any problematic areas. |
Your Rights
You have the right to request a copy of any information that we currently hold about you. In order to receive such information please send your contact details including address to the following address:
Pecorama
Underleys, Beer, Devon
EX12 3NA
Other websites
This privacy policy only covers this website. Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.